From: Michael Krufky <mkrufky@linuxtv.org>
To: Goldwyn Rodrigues <rgoldwyn@gmail.com>
Cc: linux-dvb-maintainer@linuxtv.org, video4linux-list@redhat.com
Subject: Re: [v4l-dvb-maintainer] NULL pointer dereference while loading saa7133 on 2.6.25-rc2
Date: Tue, 26 Feb 2008 19:48:49 -0500 [thread overview]
Message-ID: <47C4B371.1050209@linuxtv.org> (raw)
In-Reply-To: <241c7a2b0802260708l3773ba8o503a4d72250a3b54@mail.gmail.com>
Goldwyn Rodrigues wrote:
> Hi Mike,
>
> On Wed, Feb 20, 2008 at 10:23 PM, <mkrufky@linuxtv.org> wrote:
>
>> Goldwyn Rodrigues wrote:
>> > Hi,
>> >
>> > I am facing a NULL pointer dereference in the saa7134 driver. I suppose
>> > the problem occurs because the tda8290_ops or tda8295_ops structure
>> > does not have the info field initialized. So, when a strlcpy occurs,
>> > it encounters a NULL.
>> >
>> >
>> Incorrect -- the info structure is initialized as all zeroes, and the
>> name field of the info struct is filled during tda829x_attach. But, it
>> doesn't look like the tda829x driver is even being called at all --
>>
>>
>>> The trace when the module is loaded is below.
>>>
>> >
>>
>> Based on saa7134-cards.c , the driver expects to see a tda829x + tda827x
>> combo. However, based on the dmesg shown below, the tda9887 driver is
>> successfully attaching to the driver, and it looks like tuner-simple
>> should be the module that is crashing, but I don't see it listed in the
>> trace
>>
>> Problem #1, the tda9887 is attaching, but this should be a tda8290.
>> Problem #2, we don't see what driver is trying to attach to 2-0060, but
>> an oops results.
>>
>> Can you test using the v4l-dvb master branch @linuxtv.org, tell us if
>>
>
> Yes the problem happened again with the branch from linuxtv.org
>
>
>> the problem persists. If it does, then I'll ask you to test again with
>> debug enabled, as follows:
>>
>> options tuner-simple debug=1
>> options tda9887 debug=1
>> options tda8290 debug=1
>> options tuner debug=1
>>
>>
>
> The complete log follows:
>
> Linux version 2.6.25-rc3-default (goldwyn@haathi) (gcc version 4.2.1
> (SUSE Linux)) #3 SMP Tue Feb 26 17:52:49 IST 2008
> Command line: root=/dev/sda7 vga=0x317 resume=/dev/sda6 splash=silent
>
> <snipped>
> Uniform CD-ROM driver Revision: 3.20
> sr 3:0:0:0: Attached scsi CD-ROM sr0
> rtc_cmos: probe of 00:05 failed with error -16
> Linux video capture interface: v2.00
> saa7130/34: v4l2 driver version 0.2.14 loaded
> forcedeth 0000:00:14.0: ifname eth0, PHY OUI 0x5043 @ 1, addr 00:1d:60:40:3d:c0
> forcedeth 0000:00:14.0: highdma pwrctl timirq gbit lnktim desc-v3
> ACPI: PCI Interrupt Link [AAZA] enabled at IRQ 22
> ACPI: PCI Interrupt 0000:00:10.1[B] -> Link [AAZA] -> GSI 22 (level,
> low) -> IRQ 22
> PCI: Setting latency timer of device 0000:00:10.1 to 64
> ACPI: PCI Interrupt Link [APC2] enabled at IRQ 17
> ACPI: PCI Interrupt 0000:01:09.0[A] -> Link [APC2] -> GSI 17 (level,
> low) -> IRQ 17
> saa7133[0]: found at 0000:01:09.0, rev: 16, irq: 17, latency: 32,
> mmio: 0xfddfe000
> saa7133[0]: subsystem: 1131:4ee9, board: SKNet MonsterTV Mobile
> [card=76,autodetected]
> saa7133[0]: board init: gpio is a00000
> ieee1394: Host added: ID:BUS[0-00:1023] GUID[0011d800016eccd7]
> saa7133[0]: i2c eeprom 00: 31 11 e9 4e 08 20 1c 55 43 43 a9 1c 55 43 43 a9
> saa7133[0]: i2c eeprom 10: 00 ff e6 07 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom 20: 01 00 02 02 01 3f 02 bf ac 0c 02 01 07 01 02 00
> saa7133[0]: i2c eeprom 30: 00 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom 40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom 70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c
> saa7133[0]: i2c eeprom 80: 31 11 e9 4e 08 20 1c 55 43 43 a9 1c 55 43 43 a9
> saa7133[0]: i2c eeprom 90: 00 ff e6 07 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom a0: 01 00 02 02 01 3f 02 bf ac 0c 02 01 07 01 02 00
> saa7133[0]: i2c eeprom b0: 00 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> saa7133[0]: i2c eeprom f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c
> tuner' 2-0043: chip found @ 0x86 (saa7133[0])
> tda9887 2-0043: tda988[5/6/7] found
> tuner' 2-0043: type set to tda9887
> tuner' 2-0043: tv freq set to 0.00
> tuner' 2-0043: TV freq (0.00) out of range (44-958)
> tda9887 2-0043: Unsupported tvnorm entry - audio muted
> tda9887 2-0043: writing: b=0xc0 c=0x00 e=0x00
> tuner' 2-0043: saa7133[0] tuner' I2C addr 0x86 with type 74 used for 0x0e
> tuner' 2-0043: Calling set_type_addr for type=54, addr=0xff,
> mode=0x04, config=0x00
> tuner' 2-0043: set addr for type 74
> All bytes are equal. It is not a TEA5767
> tuner' 2-0060: Setting mode_mask to 0x0e
> tuner' 2-0060: chip found @ 0xc0 (saa7133[0])
> tuner' 2-0060: tuner 0x60: Tuner type absent
> tuner' 2-0060: Calling set_type_addr for type=54, addr=0xff,
> mode=0x04, config=0x00
> tuner' 2-0060: set addr for type -1
> tuner' 2-0060: defining GPIO callback
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> IP: [<ffffffff802fdd90>] strlcpy+0xd/0x31
> PGD 37560067 PUD 3b079067 PMD 0
> Oops: 0000 [1] SMP
> CPU 0
> Modules linked in: tuner(+) tea5767 tda8290 tda18271 tda827x
> tuner_xc2028 xc5000 firmware_class tda9887 tuner_simple tuner_types
> mt20xx tea5761 saa7134(+) compat_ioctl32 videodev snd_hda_intel(+)
> v4l1_compat v4l2_common videobuf_dma_sg rtc_cmos videobuf_core
> rtc_core sr_mod floppy parport_pc ir_kbd_i2c parport forcedeth snd_pcm
> snd_timer k8temp rtc_lib hwmon ohci1394 snd ir_common soundcore
> ieee1394 tveeprom cdrom snd_page_alloc button i2c_nforce2 i2c_core sg
> ext2 mbcache ehci_hcd ohci_hcd usbcore sd_mod amd74xx ide_core edd fan
> sata_nv pata_amd libata scsi_mod thermal processor
> Pid: 2075, comm: modprobe Not tainted 2.6.25-rc3-default #3
> RIP: 0010:[<ffffffff802fdd90>] [<ffffffff802fdd90>] strlcpy+0xd/0x31
> RSP: 0018:ffff81003d0edb90 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffffffff883357bf RCX: ffffffffffffffff
> RDX: 0000000000000014 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: ffff81003b568c00 R08: ffff81003759c804 R09: ffff810037644a58
> R10: ffff810001011b18 R11: ffffffffffffffff R12: ffff81003759c800
> R13: 0000000000000036 R14: 0000000000000004 R15: ffffffff883c96a5
> FS: 00007f83655b56f0(0000) GS:ffffffff80509000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000000 CR3: 000000003cd7e000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process modprobe (pid: 2075, threadinfo ffff81003d0ec000, task ffff8100376447f0)
> Stack: ffffffff883c8fbc ffff8100375cc7d0 ffff81003b02c248 0000000000000000
> ffffffff802d1108 ffff81003b568f30 ffffffff883357bf 0000000000000000
> ffff81003759c828 ffff81003759c890 ffffffff803fd356 0000000000000000
> Call Trace:
> [<ffffffff883c8fbc>] ? :tuner:set_type+0x419/0x701
> [<ffffffff802d1108>] ? sysfs_create_link+0xb6/0x102
> [<ffffffff883357bf>] ? :saa7134:saa7134_tuner_callback+0x0/0x16e
> [<ffffffff803fd356>] ? klist_node_init+0x31/0x4e
> [<ffffffff883c9c68>] ? :tuner:tuner_command+0x1f6/0xfe6
> [<ffffffff802faf55>] ? kobject_get+0x12/0x17
> [<ffffffff88336f7e>] ? :saa7134:attach_inform+0x16c/0x1a7
> [<ffffffff883357bf>] ? :saa7134:saa7134_tuner_callback+0x0/0x16e
> [<ffffffff8814fe1d>] ? :i2c_core:i2c_attach_client+0xfb/0x138
> [<ffffffff8829f328>] ? :v4l2_common:v4l2_i2c_attach+0x6b/0x8b
> [<ffffffff883c9313>] ? :tuner:v4l2_i2c_drv_attach_legacy+0x0/0x1a
> [<ffffffff8814faeb>] ? :i2c_core:i2c_probe_address+0xb9/0xfd
> [<ffffffff88150769>] ? :i2c_core:i2c_probe+0x162/0x175
> [<ffffffff883c9313>] ? :tuner:v4l2_i2c_drv_attach_legacy+0x0/0x1a
> [<ffffffff8815009d>] ? :i2c_core:i2c_register_driver+0xa3/0xf3
> [<ffffffff880da082>] ? :tuner:v4l2_i2c_drv_init+0x82/0xf5
> [<ffffffff80250c7e>] ? sys_init_module+0x18fd/0x1a02
> [<ffffffff8814fb75>] ? :i2c_core:i2c_master_send+0x0/0x43
> [<ffffffff8028b759>] ? vfs_read+0xaa/0x132
> [<ffffffff8020be9b>] ? system_call_after_swapgs+0x7b/0x80
>
>
> Code: 01 c1 48 89 c1 4c 29 c2 48 39 d0 72 04 48 8d 4a ff fc 4c 89 cf
> 4c 01 c0 f3 a4 c6 07 00 c3 fc 31 c0 48 83 c9 ff 49 89 f8 48 89 f7 <f2>
> ae 48 85 d2 48 f7 d1 48 8d 41 ff 74 15 48 39 d0 48 89 c1 72
> RIP [<ffffffff802fdd90>] strlcpy+0xd/0x31
> RSP <ffff81003d0edb90>
> CR2: 0000000000000000
> ---[ end trace e299e9653aac288b ]---
> tuner' 2-0043: switching to v4l2
> tuner' 2-0060: switching to v4l2
> tuner' 2-0060: tv freq set to 400.00
> tuner' 2-0060: Tuner has no way to set tv freq
> tuner' 2-0060: tv freq set to 400.00
> tuner' 2-0060: Tuner has no way to set tv freq
> saa7133[0]: registered device video0 [v4l2]
> saa7133[0]: registered device vbi0
> tuner' 2-0043: Cmd TUNER_SET_STANDBY accepted for analog TV
> tda9887 2-0043: Unsupported tvnorm entry - audio muted
> tda9887 2-0043: writing: b=0xe0 c=0x00 e=0x00
> tuner' 2-0060: Cmd TUNER_SET_STANDBY accepted for analog TV
> Adding 1534168k swap on /dev/sda6. Priority:-1 extents:1 across:1534168k
> device-mapper: ioctl: 4.13.0-ioctl (2007-10-18) initialised: dm-devel@redhat.com
> loop: module loaded
> powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
> processors (2 cpu cores) (version 2.20.00)
> powernow-k8: MP systems not supported by PSB BIOS structure
> powernow-k8: MP systems not supported by PSB BIOS structure
>
> <snipped again>
>
> Regards,
>
>
I'm sorry -- I should have been more specific.
Can you test using a stable, released kernel (such as 2.6.24 or anything
earlier) PLUS the v4l-dvb tree on linuxtv.org
I just want to make sure that the bug is specific to v4l-dvb, or whether
it was caused by something else broken upstream.
Regards,
Mike
--
video4linux-list mailing list
Unsubscribe mailto:video4linux-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/video4linux-list
prev parent reply other threads:[~2008-02-27 0:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080220061151.GA14798@baloo>
2008-02-20 16:53 ` NULL pointer dereference while loading saa7133 on 2.6.25-rc2 mkrufky
[not found] ` <241c7a2b0802260708l3773ba8o503a4d72250a3b54@mail.gmail.com>
2008-02-27 0:48 ` Michael Krufky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47C4B371.1050209@linuxtv.org \
--to=mkrufky@linuxtv.org \
--cc=linux-dvb-maintainer@linuxtv.org \
--cc=rgoldwyn@gmail.com \
--cc=video4linux-list@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.